Twin -

Honda investigates suspected Snake ransomware attack

Attack disrupts global operations at carmaker, with assembly lines falling silent and sales suspended

Production and sales of Honda cars, motorcycles and other products has been suspended at sites around the world while the Japanese automaker attempts to recover its systems following a suspected ransomware attack that compromised access to its IT systems.

The firm confirmed that production at its factories across the world had been halted, while at its UK plant in Swindon, where it manufactures its Civic model, a planned reopening after the facility was shut down due to the Covid-19 coronavirus pandemic has been pushed back to later this week.

“Honda can confirm that a cyber attack has taken place on the Honda network,” a spokesperson for the firm told Computer Weekly. “We can also confirm that there is no information breach at this point in time.

“Work is being undertaken to minimise the impact and to restore full functionality of production, sales and development activities. At this point, we see minimal business impact.”

The attack first came to light on Monday 8 June, when Honda said it was investigating what was then believed to be an unauthorised attempt to access its systems. According to the Financial Times, the firm told staff not to access their IT equipment as a precaution while it investigated.

This has prompted speculation among security researchers that the firm has been targeted with the relatively new Snake, or Ekans, strain, after a sample of the ransomware came to light that contains references to an IP address linked to a Honda domain, and checks for an internal Honda network before encrypting files.

First identified earlier in 2020, Snake/Ekans is a particularly dangerous variety of ransomware that specifically targets industrial control systems (ICS).

According to researchers at Dragos, it contains a “relatively primitive” attack mechanism, but specifies a large number of processes in a static kill list that demonstrates a level of intentionality on the part of its writers that has not been seen before in ransomware targeting manufacturers. This makes it particularly dangerous.

Read more about ransomware

  • SearchSecurity’s Risk & Repeat podcast discusses the prospect of ransomware gangs working together and what it could mean for enterprises and the overall threat landscape.
  • The operators of the Sodinokibi ransomware strain are auctioning off swathes of stolen data in an apparent bid to raise cash. What is motivating this new tactic?
  • Malicious actors are taking advantage of coronavirus fears to wreak havoc on cyber security. Check out our guide to learn about phishing and ransomware threats and how to stop them.

Dave Palmer, director of technology at AI security outfit Darktrace, said: “Ekans is a relatively new form of ransomware – a tool that has the power to lock down industrial control systems and machinery in factories. 

“Critical environments do not fail gracefully. There isn’t the option of reverting to pen and paper and muddling along. We need to build in cyber resiliency so these systems are able to resist and fight back against cyber attacks.”

Oz Alashe, CEO at CybSafe, added: “Snake … targets an entire network, rather than individual workstations. Honda’s global operations have already been disrupted, and while some systems appear to be back online, it is likely that rolling back up to full operations will take some time.

“This attack comes at a challenging moment for the automaker, with the business already facing added financial pressure from coronavirus and reduced demand for its goods.”

Dragos encouraged ICS asset operators to review their attack surfaces urgently and determine mechanisms to deliver and distribute Ekans/Snake.

Read more on Hackers and cybercrime prevention

Data Center
Data Management